Vulnerabilities > Projectsend > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-7658 Authorization Bypass Through User-Controlled Key vulnerability in Projectsend
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605.
network
low complexity
projectsend CWE-639
5.3
2023-02-01 CVE-2023-0607 Cross-site Scripting vulnerability in Projectsend
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.
network
low complexity
projectsend CWE-79
4.8
2021-10-11 CVE-2021-40884 Missing Authorization vulnerability in Projectsend R1295
Projectsend version r1295 is affected by sensitive information disclosure.
network
low complexity
projectsend CWE-862
5.5
2021-10-11 CVE-2021-40886 Path Traversal vulnerability in Projectsend R1295
Projectsend version r1295 is affected by a directory traversal vulnerability.
network
low complexity
projectsend CWE-22
4.0
2021-01-26 CVE-2020-28874 Improper Privilege Management vulnerability in Projectsend
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic.
network
low complexity
projectsend CWE-269
5.0
2019-05-22 CVE-2018-7201 Improper Neutralization of Formula Elements in a CSV File vulnerability in Projectsend
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
6.8
2019-05-22 CVE-2018-7202 Cross-site Scripting vulnerability in Projectsend
An issue was discovered in ProjectSend before r1053.
4.3
2019-04-26 CVE-2019-11533 Cross-site Scripting vulnerability in Projectsend
Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML.
4.3
2019-04-26 CVE-2019-11492 Information Exposure Through Log Files vulnerability in Projectsend
ProjectSend before r1070 writes user passwords to the server logs.
network
low complexity
projectsend CWE-532
5.0
2019-04-20 CVE-2019-11378 Unrestricted Upload of File with Dangerous Type vulnerability in Projectsend R1053
An issue was discovered in ProjectSend r1053.
network
low complexity
projectsend CWE-434
6.5